Applying Strong Auth and DLP to Collaborative File Sharing

Employees love the convenience and utility of collaborative file sharing applications like Box.com. Sharing contracts, graphics/video files, or other corporate content using a cloud based service empowers users to share information directly with external partners-outside traditional enterprise security controls. You want to encourage productivity but you also need a strategy that addresses how you’re going to control access to file sharing applications and inspect data before it leaves the enterprise.

In this webinar Intel, McAfee and Box have joined forces to discuss how content can be protected throughout the collaboration lifecycle-from access and upload to download and distribution.

You will learn:
•Overview of typical file sharing use cases and workflows
•Streamlining access for users
•Tying federated authentication to corporate id stores
•Adding 2nd factor strong authentication for sensitive document sharing
•Blocking sensitive files from upload
•On-prem, 100% in the cloud, and hybrid implementation options
As a bonus, all attendees will be eligible to receive a free enterprise trial account from Box.

Tom Bowers, vCISO for ePlus and their clients, will cover what he sees as the looming threats for 2016, including Threat Intelligence and Sharing, State Sponsored Code and Commercial Malware, Security of Big Data, Embedded Systems, and the Physical and Cyber Convergence.

Customer data is complicated. It lives everywhere and changes frequently. Creating a holistic view of the customer journey can be a challenge, even as the opportunities are obvious. Join Larry Drebes, Founder and CEO of Janrain for lessons learned from thousands of enterprises, challenges with different approaches to customer data management, and the benefits of managing customer identity in the cloud.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Operating from the belief that education is the most powerful weapon, one of our foremost security researchers will provide an analysis on a recently documented stealthy malware family named Stegoloader. Our upcoming webcast will unveil the sophistication of Stegoloader’s characteristics which make it hard to analyze and detect. This webcast will help you understand the nature of Stegoloader in order to counter it more efficiently and effectively.

Pierre-Marc Bureau, Senior Security Researcher from the Counter Threat Unit (CTU), will discuss how Stegoloader cloaks its main component as a harmless Portable Network Image (PNG) while it extracts and executes malicious code hidden within an image. Although CTU researchers have not observed Stegoloader being used in targeted attacks, it has significant information stealing capabilities. Malware authors are constantly looking for ways to adapt and improve detection mechanisms, which makes Stegoloader a prime candidate for cyber-criminals arsenals. Learn how digital steganography may be a new trend for threat actors globally.

In this webcast, you will:

- Gain insight on when and where Stegoloader was first encountered.
- Learn characteristics of Stegoloader and how it operates.
- Understand digital steganography trends and how to detect and remediate.

A seemingly never-ending string of large scale data breaches across all sectors of the economy and government have had devastating affects on countless individuals — and irreparably damaged organizations of all kinds. It’s been proven that privileged users, and the accounts and credentials they use, are a crucial element in conducting a successful attack. But it’s possible to protect those users and stop data breaches in their tracks.

In this webcast, we’ll explain how Xsuite and privileged identity management can stop attackers at multiple points in the data breach lifecycle, preventing damage and disruption. Join us to learn:

- Who are privileged users and why are they important?
- How do attackers exploit privileged users and their credentials to carry out breaches?
- See a hands-on demonstration of Xsuite and how it can manage, control, and protect privileged users and credentials and your business assets.

Register now to join us live at 1:00 pm ET Thursday, July 30, 2015 or on demand afterwards.

The rise in e-commerce data breaches over the past year raises important questions: Why is cardholder data such a big target, how do the bad guys get in and why are we seemingly powerless to stop them?

This session will examine the black market for card data, the three most common attack vectors, and the wrong way to encrypt databases.

You will see real-world examples of malware discovered during investigations and gain insights into the skill sets of each attacker.

The rise in e-commerce data breaches over the past year raises important questions: Why is cardholder data such a big target, how do the bad guys get in and why are we seemingly powerless to stop them?

This session will examine the black market for card data, the three most common attack vectors, and the wrong way to encrypt databases.

You will see real-world examples of malware discovered during investigations and gain insights into the skill sets of each attacker.

In this webcast, we will go over Qualys hardware and virtual scanner appliances for internal and external vulnerability scans. We will then demonstrate how you can discover various assets in your network, prioritize them, execute vulnerability scans, and generate reports that would suit your needs.

This presentation will provide an overview of contextualization and how contextualized data can be used to prevent both known and unknown threats. It will dive deep into the technologies used in the collation and analysis process across both single and multiple threat types. It will conclude with real world use cases where contextualized data can help identified and prevent threats.

Join Securosis analysts Adrian Lane and Gunnar Peterson as they discuss their new report, "API Gateways: Where Security Enables Innovation". This "speed round" style webinar will focus on API security best practices and will invite real world security questions from the audience. All attendees will receive a free copy of the report.

APIs are a hot topic in all sectors of IT - they have gone from being niche solutions provided by big players like Amazon and Google, to being almost as ubiquitous as corporate websites. Ad hoc API development & evangelism without a formal program can leave real revenue on the table, can unintentionally leak sensitive data, and can tarnish the corporate brand with the development community. Today, developers and partners expect to be engaged with first class API programs, while businesses expect real insights to know which APIs are profitable and which APIs to bring to market next. In this webinar, Intel & Mashery outline the baseline enterprise pillars for constructing a first class API program. Learn from CapitalOne how they strategized to build an API program grounded in core business objectives. All attendees to receive a new Mobile API Buyers Guide that presents how to optimize APIs for mobile apps.

As the Enterprise begins to expose application APIs as packaged products consumed by developer communities, partners, and mobile devices- they are also opening new threat vectors into their back end infrastructure. APIs include self documenting meta data that often mistakenly provides information on usage and connections that can be used for SQL injection or other content borne attacks. The application layer must deal with a wide range of protocols with potential threats… from XML/SOAP, REST/JSON, and OAuth/and API Keys used in application requests. In this webinar, we outline API best practice security measures such as encryption, SSL, key management, DLP, and schema validation. To scale deployment Intel showcases how an API Gateway combined with a portal managed service in the cloud can safely share APIs while tightly integrating cloud/on-prem applications.

In this product launch webinar, Intel & API Management magic quadrant leader Mashery discuss the market drivers that have created the need for enterprise class API management solutions that scale to thousands of developers and consumers. We showcase a new composite API platform solution available from Intel, that packages a cloud based API portal from Mashery for promotion, monitoring, and sharing of meta data to developer communities with the Intel gateway security & integration solution that exposes RESTful APIs for consumption at the network edge. The lifecycle for APIs will be discussed along with the typical separation of duties for API management within the enterprise: Service Administrators, Developers, and Architects. Tune in to learn how to package APIs as revenue generating products, safely expose back end applications, and drive usage with mobile consumers and developer communities.

HITEC and the Patient Protection & Affordable Care Act (PPACA) are fueling the requirement for, and subsequent growth of, interoperable systems in the US -- with a common thread between all the various initiatives being the use of SOA, mobile focused information exchange, and protecting patient data privacy.

In this webinar, Intel looks specifically at the Health Insurance Exchange (HIX) ecosystem and posits a "Service Gateway Reference Architecture" that incorporates legacy protocols, the workflows involved in information exchange, information delivery to mobile APIs, and PHI data protection. Maximus, a leader with programs in health and human services, that has partnered with state, local, and Federal government - discusses how to protect PHI for HIPAA compliance.

The issue with the predominant multi-tier data center application architecture is that it is designed with a browser in mind. Mobile Device Management and Web-only Firewalls do not address how to incorporate server side applications, legacy data, and identity infrastructure with the sea of heterogeneous mobile platforms, operating systems, and programming languages used today. We present how Service/API Gateway enables the mobile application economy via REST APIs with JSON and mobile friendly tokens such as OAuth. Finally we outline an end-to-end mobile enablement architecture to expose app data via APIs, advertise APIs to developers via a portal, and tools that make it easy for developers to use those APIs to create mobile apps.

Organizations need something stronger than a simple UserID/password logon to protect sensitive data in the cloud. Strong authentication is the industry standard for protecting personal, financial, healthcare or confidential corporate information. In this webinar, identity security experts from Intel/McAfee, Nordic Edge and BioID discuss the various types of multi-factor authentication that are available, and when, where and how they can be deployed to provide essential protections.

Over the past decade, Salesforce.com has evolved from a CRM destination to a suite of platforms that enable social enterprise collaboration. Now identity and access management are at the forefront of the latest capabilities enabled by Salesforce.com and its ISV partners Intel & McAfee. Not only can an enterprise enable seamless SSO access into Salesforce.com from corporate ID stores, they can manage access to any external SaaS app or up-level cloud provider authentication with multi-factor authentication, all managed 100% within the Salesforce platform.

In this webinar, Salesforce.com’s identity experts present their latest platform capabilities for cloud security & outline new areas of focus in federation standards, such as provisioning and support for mobile apps. Intel presents their experience in leveraging the Force.com platform to build their Identity-as-a-Service offering: Intel Cloud SSO - now available on AppExchange.

You will learn:

* How to enable seamless SSO into custom apps deployed on Force.com
* How to leverage resident Salesforce.com identities for cloud access
* How to implement SSO across large multi-org Salesforce.com hierarchies
* Mobile cloud SSO design patterns and emerging standards
* How to apply Multi-Factor Authentication for access to Salesforce or SaaS
* How to leverage Active Directory for access to external SaaS apps
* New Force.com cloud security capabilities

When securing credit card data, the imperative to be PCI DSS compliant remains a constant, while the actual solution implemented by merchants can vary depending on the size and nature of an organization. A solution for a small merchant with low transactions will differ from mid-sized retailers with a web presence…from a large merchant with POS & back-office payment infrastructure. Securosis.com’s expert PCI-DSS analyst Adrian Lane, dissects the deployment models with pros and cons of: on-prem vs outsourced models, proxy based tokenization, and format preserving encryption. Adrian covers base tokenization flows for newbies and reflects on detailed cost, pricing, & vendor lock-in concerns for deployments in progress. You will learn:

As organizations move to the Cloud, concerns arise about retaining control of data resident on third-party services. At the same time, distributing information and protecting intellectual property across a distributed, cloud-based supply chain is a business and IT concern, since there is a need for verifiable trust and persistent visibility into the flow of information. An emerging white space exists for the glue between identity logic, data properties, storage and key management in terms of defining, managing and enforcing policies across SaaS, cloud, mobile and hybrid environments. In this webinar we present the concepts and review solutions that are beginning to address this white space: the cloud service broker role, API/Service Gateways, & Identity as a Service.

Outsourcing identity management to the cloud allows you to reduce costs, improve productivity, strengthen security, and streamline IT operations.
Join us for a first look at Intel’s new identity as a service offering that simplifies the cumbersome process of providing users with access to hundreds of SaaS apps. We provide an overview of the multi-tenant platform architecture, strong auth security controls and unique configuration capabilities gained through our deployment on Force.com. Hear about first impressions from customers.
You will learn about:
•Benefits of outsourcing identity to the cloud
•How & when to incorporate corp id stores
•Cloud access scenarios where 2nd Factor Auth should be applied
•100% in cloud, on-prem, or hybrid- which is right for you?
•Decision criteria used by customers to choose IDaaS

As APIs enable organizations to extend their products into broad-based platforms and as applications are shared outside the protective firewall to/from the cloud and among cloud providers--Security, Governance, Control, and Managment of these APIs have never been more important. API Security necessarily deals with four major issues: Identity and Authentication, Access Control and Authorization, Input Validation, and Misconfiguration. As a follow on to the introductory Enterprise API Requirements webinar, this technical session will take a deep dive into Enterprise API Security including:

Employees love the convenience and utility of collaborative file sharing applications like Box.com. Sharing contracts, graphics/video files, or other corporate content using a cloud based service empowers users to share information directly with external partners-outside traditional enterprise security controls. You want to encourage productivity but you also need a strategy that addresses how you’re going to control access to file sharing applications and inspect data before it leaves the enterprise.

In this webinar Intel, McAfee and Box have joined forces to discuss how content can be protected throughout the collaboration lifecycle-from access and upload to download and distribution.

You will learn:
•Overview of typical file sharing use cases and workflows
•Streamlining access for users
•Tying federated authentication to corporate id stores
•Adding 2nd factor strong authentication for sensitive document sharing
•Blocking sensitive files from upload
•On-prem, 100% in the cloud, and hybrid implementation options
As a bonus, all attendees will be eligible to receive a free enterprise trial account from Box.

While APIs have been ubiquitous within the enterprise for many years, today they are emerging as the new enterprise control point for cloud applications. In the modern API economy, every enterprise with an Internet presence has an opportunity to expose APIs to third-party access, unlocking value in data and services that would otherwise be hidden behind monolithic legacy systems. While API management might be an old concept, cloud-based API management presents a new discipline with added security, visibility, integration, and scale requirements.

New approaches to identity and access management based on leveraging the powerful, elastic, and cost-effective cloud model are emerging. In this webinar, Dave Kearns, Sr. Analyst at KuppingerCole, will discuss the benefits and challenges of moving use identities to the cloud. Vikas Jain, Director of Product Management at Intel, will follow with an overview of Intel Cloud SSO, Intel’s newest identity and security solution for the cloud.

The recommended cloud security stack, standards, and operating frameworks have rapidly evolved into a set of production quality best practices for the Enterprise as they engage each cloud provider. However, as scale is applied, managing 1-n cloud relationships and services across hybrid environments points to a brokered or intermediary model to solve integration/security complexity, aggregate services, & add new value. This is not new- B2B EDI evolved much the same way from point-to-point, to IT department managed gateway VANs, to 3rd party industry B2B exchanges. Join this webinar to prepare your organization for Cloud Service Brokerage - Gartnerâs Daryl C. Plummer has forecast this as âthe biggest growth area for cloud computing.â

Application security & analytics software that help enable the Hybrid Enterprise model where data and apps are deployed across on-prem and cloud environments. Transform how services & sensitive data are exposed as APIs to developers/mobile, aggregate and analyze corporate data for new insights, and ensure data level security and compliance.